Alert Logic Cloud Defender is a comprehensive suite of security software, including Threat Manager, Log Manager, and Web Security Manager. All customers that subscribe to one or more of the listed products will use the Alert Logic console. The suite is available for cloud environments, physical environments, and any hybrid environment.
Cloud Defender requires that you update your firewall rules to allow Alert Logic access to your system. For more information, see the Firewall rules guide.
Before Alert Logic can manage the protection of your AWS and Azure accounts, you must provide Alert Logic with access to your account.
Manual deployments, which utilize a physical appliance, have no extra steps for Cloud Defender integration.
The Deployments page in the Alert Logic console shows all the implementations of Cloud Defender, and it allows you to add, edit, and delete deployments.
To create a deployment:
- In the Alert Logic console, click CONFIGURATION, and then click Deployments.
- Click the add icon ().
- Select the appropriate cloud service.
- Enter the requested information.
- For an AWS deployment:
- Enter the Role ARN.
- Check the box at the bottom if you want to use cross-account CloudTrail to centralize CloudTrail log collection, and then enter the Role ARN for the receiving account.
- For a Microsoft Azure deployment:
- Enter the Environment Name
- Enter the Subscription ID
- Enter the Active Directory ID
- Enter the User Name
- Enter the Password
- Click SAVE.
For more detailed information about Deployments, see Deployments.
Deployments on cloud services use the roles created above to automatically install appliances. Manual deployments must follow this set of instructions.
When an appliance is automatically provisioned, the system creates one or two assignment policies, using the following guidelines:
- Alert Logic creates an assignment policy for each appliance during the provisioning process.
- If no VPC or VNet assignment policy exists, Alert Logic creates one and assigns the appliance to it.
- If a VPC or VNet assignment policy exists, Alert Logic assigns the appliance to it.
Determine how you will deploy Cloud Defender, and then install the appropriate physical or virtual appliance.
|Log Manager||Threat Manager||Web Security Manager|
|Install the physical appliance||Install the physical appliance||Not applicable|
|Install the Log Manager virtual appliance||Install the Threat Manager Virtual Appliance|
To use Cloud Defender suite functions, you must install the Alert Logic agent, or set up agentless collection, and then configure the collection sources to send data to the appliance for your systems to be monitored.
If you have an active IAM or RBAC role (for AWS or Azure, respectively), and have configured agents to automatically update, the agent you install automatically assigns itself to the local appliance and you need not enter the Unique Registration Key.
- Install the Alert Logic agent:
- Set up Agentless collection (Log Manager only):
After deployment is complete, you must configure each product for use.
Threat Manager policies
The Threat Manager appliance deploys with default policies. AWS deployments automatically configure these policies for you for their environment. To create and edit Threat Manager policies, see Network IDS policies.
Log Manager collection sources and policies
To set up Log Manager, you must:
- Set up collection sources.
- Modify policies. Log Manager deploys with default policies. AWS deployments automatically configure these policies for you for their environment. To create and edit Log Manager policies, refer to the Log Manager policies guide.
Web Security Manager
Alert Logic prefers that customers work with their assigned Project Manager to complete deployment of Web Security Manager.